--- src/secure/lib/libssh/Makefile.etc	2005/09/08 13:14:30	1.2
+++ src/secure/lib/libssh/Makefile.etc	2008/05/16 11:44:55	1.3
@@ -15,4 +15,26 @@ FILESMODE=	644
 ${SSHDIR}/moduli:
 	@true
 
+BLACKLISTS!=	echo ${.CURDIR}/blacklist.*
+.for bl in ${BLACKLISTS}
+FILES+=	short.${bl:T}
+CLEANFILES+= short.${bl:T}
+FILESNAME_short.${bl:T}=	${bl:T}
+
+short.${bl:T}: ${bl}
+	@printf "# After these initial comments, all the lines in this file must be\n" > ${.TARGET}
+	@printf "# exactly the same length, and must be in sorted order. Each line must\n" >> ${.TARGET}
+	@printf "# consist of the lower-case key fingerprint (ssh-keygen -l -f\n" >> ${.TARGET}
+	@printf "# /path/to/key), without colons, and with the first 12 characters\n" >> ${.TARGET}
+	@printf "# removed (that is, the lower 80 bits of the fingerprint). Unless these\n" >> ${.TARGET}
+	@printf "# rules are followed, the blacklist will not work properly. See\n" >> ${.TARGET}
+	@printf "# ssh-vulnkey(1).\n" >> ${.TARGET}
+	@printf "#\n" >> ${.TARGET}
+	@printf "# Copyright: (C) 2008 Canonical, Ltd., License: GPL-3.\n" >> ${.TARGET}
+	sed -ne '/^#/!q;p;' ${.ALLSRC} >> ${.TARGET}
+
+	grep -v '^#' ${.ALLSRC} | cut -d ' ' -f 2 | cut -b13- | sort >> ${.TARGET}
+
+.endfor
+
 .include <bsd.prog.mk>